<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0">
	<channel>
		<title>Expert Voices Blog - All Panels</title>
		<link>http://www.boozallen.com/insights/expertvoices</link>
		<description>Booz Allen panel series bringing together top leaders from government, industry, and academia.</description>
		<lastBuildDate>Fri, 25 May 2012 02:37:01 -0400</lastBuildDate>
		<managingEditor>webmaster@bah.com</managingEditor>
		<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/ExpertVoicesBlog-AllPanels" /><feedburner:info uri="expertvoicesblog-allpanels" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><feedburner:browserFriendly></feedburner:browserFriendly><item>
			<title>Cybersecurity Insurance</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-cybersecurity-insurance?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=07934</link>
			<description>Expert Reactions: Eric Cole, Associate 
Organizations today need to recognize that they are going to get compromised.  A comprehensive approach must take into account that prevention is ideal but detection is a must.  In order to provide proper protection, an organization must have a list of all critical information and business processes that utilize that information, with all of this mapped to systems within the environment.  It is important to always remember knowledge is power.  An organization cannot protect what it does not know.  If the offense knows more than the defense, an organization will lose.  Once accurate information is gathered, everything in security must map back to risk.  Before an organization spends a dollar of its budget or an hour of its time, it should always answer three questions: 1) What is the risk? 2) Is it the highest priority risk? 3) Is it the most cost-effective way to reduce the risk?  While many organizations focus on risk remediation, today many risks cannot be properly remediated and need to be transferred to a third party.  Therefore, cyber insurance is becoming more and more important to help an organization properly manage risk.  In cases where an organization cannot remediate and/or accept the risk, utilizing insurance is an effective solution.  While the industry is still not fully mature, this is a big growth area that will be required to keep pace with the advanced threat.</description>
			<author>Eric Cole</author>
			<pubDate>Thu, 10 Nov 2011 00:00:00 -0500</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-cybersecurity-insurance?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=07934</guid>
		</item>
		<item>
			<title>Point / Counterpoint: The Complex Due Diligence Process of Acquiring a Cyber Business</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-PCP1-cyber-business-due-diligence-process?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=6b3a5</link>
			<author>boozallen.com</author>
			<pubDate>Tue, 08 Nov 2011 12:00:00 -0500</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-PCP1-cyber-business-due-diligence-process?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=6b3a5</guid>
		</item>
		<item>
			<title>Point / Counterpoint: Cybersecurity and International Investments</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-PCP3-cybersecurity-and-international-investments?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=3f69b</link>
			<author>boozallen.com</author>
			<pubDate>Tue, 08 Nov 2011 12:00:00 -0500</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-PCP3-cybersecurity-and-international-investments?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=3f69b</guid>
		</item>
		<item>
			<title>Point / Counterpoint: Cybersecurity Influencers</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-PCP2-cybersecurity-influencers?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=15f45</link>
			<author>boozallen.com</author>
			<pubDate>Tue, 08 Nov 2011 12:00:00 -0500</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-PCP2-cybersecurity-influencers?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=15f45</guid>
		</item>
		<item>
			<title>Establishing a Solid Cyber Environment</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-solid-cyber-environment?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=e7992</link>
			<description>Principal with expertise in information security and risk management; recently inducted into the Information Systems Security Association Hall of Fame.
 

Cybersecurity is an environment of give and take.  New technologies are constantly emerging in the market with promises to improve efficiency and increase your business potential.  On the other hand, cyber threats continuously evolve to increase the risks incurred by adopting new and current technologies into the mainstream of your business culture.  Successfully establishing a solid cyber environment hinges on our ability to leverage new technologies and better conduct our business while simultaneously mitigating the risks threatening to compromise our mission.

Understand the Risks

The best way to stay on top of emerging threats and technologies is to stay involved and leverage the information available.  It's important to take advantage of blogs, security bulletins, case studies, and third-party sources with experience across multiple markets - all of which freely provide security-related information - to develop a general understanding of what is going on in the cyber realm.  When sharing this knowledge across the organization, it's important to make it meaningful on a personal level, not just from a corporate perspective.  

It's also helpful to recognize the risks your organization currently takes when evaluating the potential risks involved in adopting new technologies.  In many cases, you may already be operating in a risky environment without knowing it.

Understand the Business Impact

Looking at the current environment, mobile applications continue to be a pervasive technology, with a quick and high adoption rate.  Unfortunately, they're also a rather risky investment, known to be riddled with security holes.  Before adopting new technology, such as mobile applications, it's important to consider what business needs the technology will meet and how it can work in your corporate environment.  

Ask employees to be involved in the decision-making process.  When they suggest new technologies, encourage them to explain how each will benefit your organization and how it can be secured.  In other words, don't just adopt something for the sake of adopting it; make a business case for any new technology.  Then, you can evaluate common processes and procedures and, in some cases, core applications, to use throughout the organization and reduce the risks involved.

Be Strategic, Not Reactive

In reality, a lot of security is tactical, but by working with business stakeholders, we can begin to be more strategic.  This comes by understanding the risks and business impact of new technology as well as creating a culture that recognizes and communicates security needs.  Many organizations don't view security as a business driver.  However, with increased awareness, better communication, and a more strategic approach, security can not only drive business but improve employee satisfaction as well, by allowing employees to leverage emerging technologies securely.</description>
			<author>Pam Fusco</author>
			<pubDate>Thu, 27 Oct 2011 00:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-solid-cyber-environment?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=e7992</guid>
		</item>
		<item>
			<title>Successfully Defending Against Evolving Attacks</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-successfully-defending-against-evolving-attacks?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=94694</link>
			<description>Principal with extensive expertise in secure network design and information systems security.
 

The idea of 100% security is not a reality anymore.  The new breed of attacks - which is constantly changing and evolving - is persistent.  The threat is not simply a disruption of service or operations; your critical data and information are targeted by patient and sophisticated attackers who will continue to break in until they are successful.  In this environment, how are we going to win?

Cyber-Shoplifting

One way to look at this threat landscape is to imagine the attackers as cyber-shoplifters.  The most successful defense against shoplifting is to lock all the doors and not let anyone in.  However, this is also an effective method of going out of business.  Essentially, you have to allow incoming traffic and, at the point of entry, legitimate traffic looks identical to nefarious traffic.  At some point though, they will change their behavior.  That's where you catch them.  We need to focus on these points of deviation - anomalous behavior, increased data transfer rates, and numerous connections - and quickly identify threats to your network.

Treating Cancer

For another perspective, we can consider treating health problems.  Three years ago, we were fighting the equivalent of the common cold; now we're fighting cancer.  You can't control what germs you're exposed to, or whether or not you get sick, but you can take specific measures to minimize the toll it takes.  The goal is early detection, which involves knowing what to look for, what tests to perform, and - before the symptoms become a terminal illness - remediating and removing the threat.  You'll never be penalized for having a breach and catching it early, but you will if you have a breach and don't catch it for six months.

Redefining "Win"

When it comes to cybersecurity, a "win" used to be defined by preventing any attackers from compromising your networks.  As we've come to realize that's no longer an option, we also recognize the need for a new definition of "win."  The reason companies are suffering so much damage today is because the attackers are stealthy.  Many breaches occur over a period of several months without detection.  

The impact of a cyber attack increases significantly the longer the network is compromised.  With that in mind, early detection is essential in order to successfully defend against today's cyber attacks.  Our expertise leverages tools like Advanced Forensic Responder (AFR) and other methodologies to monitor our clients' networks and provide early detection.  A "win" in today's cybersecurity landscape is characterized by minimizing the damage incurred due to early detection and quick remediation.</description>
			<author>Eric Cole</author>
			<pubDate>Thu, 27 Oct 2011 00:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-successfully-defending-against-evolving-attacks?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=94694</guid>
		</item>
		<item>
			<title>The Current Market Dichotomy - Significant Investment in Cyber Companies, but No Due Diligence on Cyber</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-cyber-dichotomy?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=65756</link>
			<description>Principal with extensive expertise in government affairs and large-scale change management.  

During the recent Expert Voices panel which discussed the Cybersecurity Dilemma, we heard John Allen, CEO of Bluestone Capital Partners, talk about how most of the investment he sees today revolves around companies offering some sort of cyber product or service.  However, in his experience and that of our other panelists, we learned that virtually no due diligence is typically done with respect to the state of cybersecurity of the acquired entity.  Why the dichotomy?  

Imagine an institutional investor acquiring a pharmaceutical company based on the prospects of a new drug coming to market.  Imagine how the investor would react if the very next day after the deal closes a cyber attack occurs, and all of the intellectual property relating to the new drug is stolen.  The share price tanks, and the value of the investment is lost--in one day.  

The risks of cybersecurity to the value of a company are that real and can carry that much impact, that quickly - whether you are a company wishing to maximize valuation in anticipation of acquisition or an investor wishing to secure a solid investment value for its purchase.  So one would think that investors considering an acquisition, with their hordes of corporate attorneys and accountants performing due diligence into potential risks to valuation, would focus very heavily in this area.  That is not happening.  Why?

The market is just not focused on the real threat of cyber attacks.  Some companies are penetrated, and if they handle the incident well, their share price is unaffected.  If companies were to take a consistent hit on their share price for not being prepared, we would start to see more attention to cybersecurity.  I suspect we would see a similar effect if trade analysts were to consider cybersecurity as a factor when making investment recommendations.

Companies do not yet compete on the basis of security.  The corporate world is customer-driven - if customers see strength in cybersecurity as a determining factor in choosing suppliers, and suppliers see security as a competitive advantage, we would see a change in behavior.

Companies do not yet feel the pain of regulation.  Many believe that companies will not shift their focus until the pain of regulation is upon them, from legislative action or administrative requirements.</description>
			<author>Kristin Verderame</author>
			<pubDate>Wed, 26 Oct 2011 00:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-cyber-dichotomy?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=65756</guid>
		</item>
		<item>
			<title>How Organizations Currently Approach Cybersecurity</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-organizations-cybersecurity?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=bd7cb</link>
			<description>Principal with extensive expertise in secure network design and information systems security.

Spending Money the Right Way

Unfortunately, pain is the biggest motivator for change in every aspect of life, including cybersecurity.  Until it hits home or close to home, many organizations believe they are immune to a cyber attack.  In fact, I've had clients who have spent millions of dollars on security based on the assumption that spending more money guarantees a more secure network.  But if they aren't investing in the right fixes, all the money in the world won't help.

Prevention vs. Detection

If you look at most organizations' security, they're focusing a majority of their energy on inbound prevention.  We want to inspect what comes into the organization and prevent damaging traffic from entering the network to minimize and control the negative potential.  That's a good starting point, but it's not a complete solution in this day and age.  Prevention is ideal, but detection is a must.  

Organizations must focus on the traffic leaving their networks and invest in outbound detection tactics to be successful against APTs.  Current and evolving attacks are stealthy in nature and designed to circumvent even the most advanced inbound prevention techniques, but it's difficult to disguise significant amounts of data leaving the organization... unless the organization isn't looking for it.  Security strategies should include studying outbound traffic to identify patterns, such as length of connection, number of connections, and the amount of data leaving the organization.

Thick Skin vs. Depth of Defense

Another major security investment for organizations is the thick skin of a heavy-duty firewall to defend against attempts to breach network security.  Again, firewalls are an important component of overall security, but they are little more than a good starting point.  In reality, most APTs don't even attempt to compromise a network's firewall.  The number one entry point for an APT is through a well-crafted email designed to trick employees into inadvertently compromising the network by clicking a link or opening an attachment, a tactic known as spear-phishing.  

As such, the best way of minimizing the risk and reducing the impact is by making users aware and convincing them to use best practices and sound judgment with emails and other breach attempts.  However, you can't rely on a single measure of protection; you must instill multiple levels of security, including both technical and administrative measures.

Compliant vs. Secure

Finally, many of our clients have specific regulations and standards with which they must comply.  These compliance standards represent a benchmark organizations need to meet, but shouldn't dictate the security approach they take.  Too many times, organizations invest heavily to meet the letter of compliance, when a more cost-effective approach would actually increase security and exceed the standards asked of them.  

 Effective treatment for APTs involves preventative measures, early detection, and aggressive remediation and removal tactics.</description>
			<author>Eric Cole</author>
			<pubDate>Tue, 25 Oct 2011 00:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-organizations-cybersecurity?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=bd7cb</guid>
		</item>
		<item>
			<title>Keys to a Proactive Cybersecurity Program</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-proactive-cybersecurity?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=7a702</link>
			<description>Principal with expertise in information security and risk management; recently inducted into the Information Systems Security Association Hall of Fame.
 

There are many ways to get people on board to develop and maintain a proactive cybersecurity program, but ultimately it comes down to knowledge, involvement, and recognition to implement a holistic approach across the firm.  Stakeholders and business leaders must understand the emerging cyber threats, cybersecurity issues and risks of daily operations.  Firms should be collaborating with industry partners to best achieve enduring solutions.  Finally, leadership must acknowledge progress and success while reminding staff of their daily involvement in cybersecurity.

Understanding Cybersecurity Challenges

Right now, there are pockets of cybersecurity initiatives in major corporations separated by functional siloes.  In some instances, there's not a cohesive strategy that encompasses all the corporate efforts, causing a discontinuity in their cyber approach.  It's important to ensure the entire corporation understands the risks incurred on a daily basis and how risks taken in one segment of operations affect the corporation as a whole.  It helps to use real-world examples, not to paint a picture of "the sky is falling," but to really drive home the importance of understanding the full potential of cyber threats and risks should they materialize into incidents.  For example, if a medical institution understands their mobile applications can be penetrated and used to administer inappropriate levels of insulin, they'll take security more seriously.  

Internally, firms can hold regular "summits," or briefings, involving stakeholders and leaders to communicate a common understanding of what cybersecurity activities are taking place across the firm.  These business leaders can then work together and implement integrated cybersecurity initiatives to meet firm-wide business needs rather than focusing solely on individual needs.  Regular briefings on how to implement a holistic framework across the areas of people, policy, operations, technology, and management will promote internal collaboration when approaching cybersecurity challenges.

Collaborating with Alliances

With a better understanding of cybersecurity challenges and strategies, involvement with organizations and alliances across industry that promote and participate in collaborative cyber efforts is an effective method to improve your own strategy.  Booz Allen belongs to several industry-driven alliances encompassing all markets and capabilities.  Involvement with these alliances, like the Cloud Security Alliance, provides perspective on what competitors are doing, the emergent trends in the market, and what threats or opportunities could be coming down the pipeline.  Leveraging past experiences and lessons learned also improves an organization's ability to identify and curtail threats both tactically and strategically.

Acknowledgement and Recognition

Often, when things are running smoothly, organizations lose sight of the security concerns that face our firm on a daily basis.  Moreover, we can forget our personal responsibilities to help maintain cybersecurity.  Whether you maintain an internal blog or operate another communication device, it's important to highlight risks and successes to ensure these concerns remain a focus for everyone.</description>
			<author>Pam Fusco</author>
			<pubDate>Mon, 24 Oct 2011 00:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-proactive-cybersecurity?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=7a702</guid>
		</item>
		<item>
			<title>The Future of the Cybersecurity Dilemma</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-future?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=76075</link>
			<description>What future events might prompt companies to implement proactive cybersecurity efforts?</description>
			<author>boozallen.com</author>
			<pubDate>Fri, 21 Oct 2011 12:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-future?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=76075</guid>
		</item>
		<item>
			<title>The Challenges of the Cybersecurity Dilemma</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-challenges?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=31a95</link>
			<description>What are some of the major challenges in shifting to a proactive cybersecurity approach?</description>
			<author>boozallen.com</author>
			<pubDate>Fri, 21 Oct 2011 12:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-challenges?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=31a95</guid>
		</item>
		<item>
			<title>The Significance of the Cybersecurity Dilemma</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-relevance?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=31c76</link>
			<description>This Expert Voices panel focuses on Cybersecurity in business moving from reactive to proactive approaches.  In your opinion, what makes this topic relevant and timely?</description>
			<author>boozallen.com</author>
			<pubDate>Fri, 21 Oct 2011 12:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-relevance?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=31c76</guid>
		</item>
		<item>
			<title>What is it going to take to Get Corporations to Invest in Proactive Cybersecurity?</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-effective-market-incentives?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=f2f91</link>
			<description>Principal with extensive expertise in government affairs and large-scale change management.  

Former Director of National Intelligence and Booz Allen Executive Vice President Mike McConnell recently stated, "The nation does not even practice .  .  .  what I would call {good} cybersecurity hygiene.  We could eliminate much of {the risk} if we just did the basic things - be aware, change passwords, and configure our systems appropriately." 

Statistics indicate that many don't practice these guidelines.  In fact, a recent Norton study reveals that while 74 percent of respondents say they are always aware of cybercrime, only 41 percent of adults indicated that they have an up-to-date security software suite to protect their personal information online, and more than two-thirds fail to use complex passwords or even change passwords regularly.  So why don't individuals or corporations take even the easiest of actions to protect themselves against the threat of cybercrime?  

The answer is simple: the market lacks the appropriate incentives to promote this behavior.  So what is it going to take to get corporations to invest in effective cyber security?  

The answer is not rocket science - market incentives, if presented in the right context, can go a long way toward pushing companies in the right direction.  Proper insurance offerings and protection from legal liability are oft-cited incentives.  The House Republican Cybersecurity Task Force released recommendations today calling for these, as well as voluntary standards, tax credits and grant programs.  

But where is the market in all of this?  Do market analysts consider cybersecurity readiness in market valuations?  Is this considered as part of the routine due diligence process before investments or acquisitions are made?  The answer, I suspect, is 'no.'  The obvious next question is, 'why not?' 

This warrants recognition by the market to better understand the risks, and reward for those who practice good cybersecurity hygiene.  With Norton's estimated cost to the market of $114 billion last year, the market risks from cybercrime are clear.  What we really need is the market reward… we need investment bankers, advisors and analysts to step up and include cybersecurity in their regular dialogue, in their analysis and priorities.  This is what it will take.</description>
			<author>Kristin Verderame</author>
			<pubDate>Sat, 08 Oct 2011 00:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cybersecurity-dilemma/details/CD-effective-market-incentives?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=f2f91</guid>
		</item>
		<item>
			<title>The Future of Cost-Effective IT</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-future?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=6d561</link>
			<description>How will we see strategies for achieving cost-effective IT with increasing cybersecurity evolve in the future?</description>
			<author>boozallen.com</author>
			<pubDate>Thu, 08 Sep 2011 12:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-future?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=6d561</guid>
		</item>
		<item>
			<title>Current Challenges to Achieving Cost-Effective IT</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-challenges?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=ace32</link>
			<description>What are some of the major challenges today in achieving cost-effective IT with high cybersecurity given the degree of cyber threats?</description>
			<author>boozallen.com</author>
			<pubDate>Thu, 08 Sep 2011 12:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-challenges?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=ace32</guid>
		</item>
		<item>
			<title>The Significance of Cost-Effective IT</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-relevance?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=0bab3</link>
			<description>This Expert Voices panel focuses on cost-effective IT in the age of mounting cyber threats.  In your opinion, what makes this topic relevant and timely?</description>
			<author>boozallen.com</author>
			<pubDate>Thu, 08 Sep 2011 12:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-relevance?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=0bab3</guid>
		</item>
		<item>
			<title>Reaction: Citizens' Expectations of Interaction with Government</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-citizen-expectations?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=572cf</link>
			<description>Expert Reactions: Rebecca Nielsen, Senior Associate 
David touches on the key requirements for eGovernment - convenient, easy, and secure.  But there is an interesting dichotomy in the online activities of citizens.  People often want strong authentication when it means verifying that they are interacting with the organization they think they are talking to, and they want personalization of their user experience.  At the same time they may also want personal anonymity.  Citizens don't always want the government or even commercial entities to be able to monitor their on-line activities.  If providing their personal information is a requirement of the transaction, such as providing financial information to the IRS when submitting income tax forms, then they want it protected.  But for many types of transactions, citizens would prefer not providing personal information at all.  Data protection from unauthorized attackers and transparency regarding the sharing of personal information are important, but sometimes the best way to protect personal information is to eliminate the requirement for providing it in the first place.</description>
			<author>boozallen.com</author>
			<pubDate>Wed, 24 Aug 2011 12:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-citizen-expectations?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=572cf</guid>
		</item>
		<item>
			<title>Point / Counterpoint: Standardizing the Process of Cost-Effective IT</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-PCP2-standard-process?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=6ed31</link>
			<author>boozallen.com</author>
			<pubDate>Tue, 23 Aug 2011 12:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-PCP2-standard-process?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=6ed31</guid>
		</item>
		<item>
			<title>Point / Counterpoint: The Decision Process for Cost-Effective IT Investments</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-PCP1-decision-process?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=e8380</link>
			<author>boozallen.com</author>
			<pubDate>Tue, 23 Aug 2011 00:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-PCP1-decision-process?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=e8380</guid>
		</item>
		<item>
			<title>Effective and Efficient Data Security</title>
			<link>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-effective-data-security?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=b533c</link>
			<description>Senior Executive Advisor with more than 30 years of technology and cybersecurity experience.

Continuous Data Protection on an Enterprise Level

With cyber threats on the rise, the need for 24x7 security monitoring is becoming increasingly important.  However, for an individual company or agency, accomplishing this level of security on their own requires a multi-million dollar investment in manpower, equipment, and management consoles.  Between monitoring the network environment, aggregating and storing log files, and managing security policies, building and maintaining a distributed security infrastructure necessary to adequately protect customer and corporate data is both time-consuming and cost-prohibitive.  When forced to weigh the costs of keeping these functions internal against shrinking IT budgets, more and more companies and agencies are choosing to outsource their security management because it's more cost-effective and, in many cases, a better operation than they could assemble themselves.

Achieving Security on a Budget with Managed Services

 

Virtualization, as a key component to cloud computing and managed services, has had a tremendous impact on IT and data center operations.  The ability to tear down and stand up services rapidly improves corporate flexibility and serves as a force multiplier to easily generate more services as the demand arises.  However, this infrastructure also presents unique security challenges, especially if the entire network - including routing, switching, and security devices - isn't virtualized or virtualization aware.  For instance, because multiple services are hosted on single servers, some data or services that should remain separated may end up co-mingled to maximize available server space.  In this case, security devices - which are commonly configured based on physical locations - may not provide sufficient levels of security for all the services hosted on a single server.

Innovative Thinking for Next Generation Data Security

Cloud computing, virtualization, and managed services can certainly help companies achieve their security goals, but challenges continue to multiply.  The rapid adoption rate of new technology, such as the iPhone, iPad, and Android devices, into the enterprise adds more access points and creates more risk.  Allowing these devices to access the enterprise network causes IT departments to compromise some of their security policies, creating vulnerabilities along the way.  And with ever-improving attack methods, it's harder to protect data through traditional perimeter defenses.  In the next five to ten years, companies need to work together and develop innovative ways of protecting data using strong encryption, multi-factor authentication, and other methods to get a step ahead of cyber criminals.</description>
			<author>Ken Silva</author>
			<pubDate>Sat, 20 Aug 2011 00:00:00 -0400</pubDate>
			<guid>http://www.boozallen.com/insights/ideas/expertvoices/cost-effective-IT/details/CIT-effective-data-security?utm_source=RSS&amp;utm_content=AllPanels&amp;utm_campaign=ExpertVoices&amp;utm_medium=FeedLink&amp;gko=b533c</guid>
		</item>
	</channel>
</rss>

